Security for Windows Services

In most aspects, a Windows service is an application like any other. You can use code access security to specify the permissions that this application needs and to control whether those permissions are available by using the .NET Framework Configuration tool.

Because Windows services are launched at bootup time and run for the entire time that the operating system is loaded, you need to pay special attention to the security context in which they run. The security context for a service is initially specified by the Account property of the ServiceProcessInstaller object that was used to place the service on the system (although the user can later change this context by using the Services administrative tool). The .NET Framework lets you choose one of the four values of the ServiceAccount enumeration for this property:

• LocalService A built-in account that has few privileges on the local computer. When accessing resources from a remote computer, the LocalService account presents anonymous credentials.

• NetworkService A built-in account that has few privileges on the local computer. When accessing resources from a remote computer, the NetworkService account presents the computer's credentials.

• LocalSystem A built-in account that has high privileges on the local computer. When accessing resources from a remote computer, the LocalSystem account presents the computer's credentials.

• User A built-in account for a specific user on the network. When you select the User value for the Account property, you must also supply a valid Windows username and password. The service runs with the privileges of the specified user and presents that user's credentials when requesting network resources.

The LocalService and NetworkService accounts are available only on Windows XP and Windows 2003 Server. These accounts do not exist on Windows 2000 or older operating systems.